public inbox for glibc-bugs@sourceware.org
* [Bug malloc/26731] New: [regression 2.26] malloc with TCACHE does not respect M_PERTURB
@ 2020-10-14  5:28 thiago at kde dot org
From: thiago at kde dot org @ 2020-10-14  5:28 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=26731

            Bug ID: 26731
           Summary: [regression 2.26] malloc with TCACHE does not respect
                    M_PERTURB
           Product: glibc
           Version: 2.32
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: malloc
          Assignee: unassigned at sourceware dot org
          Reporter: thiago at kde dot org
  Target Milestone: ---

Tested on 2.32, but the code dates back to 2.27.

Testcase:
#include <malloc.h>
#include <stdlib.h>
#include <stdio.h>

#define BLKSIZE 64

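// Report every non-zero byte in the block, then abort if any were found.
void check_block_null(const char *which, unsigned char *ptr, size_t len)
{
    size_t count = 0;
    for (size_t i = 0; i < len; ++i) {
        if (ptr[i] == 0)
            continue;
        // %zu is the conversion for size_t; %p expects a void pointer
        fprintf(stderr, "Byte %zu in %s block %p is not null (%#02x)\n",
                i, which, (void *)ptr, ptr[i]);
        ++count;
    }
    if (count)
        abort();
}

int main()
{
    // With M_PERTURB set to 0xff, malloc fills new blocks with the
    // complement (0x00) and free fills released blocks with 0xff.
    mallopt(M_PERTURB, 0xff);
    unsigned char *ptr = malloc(BLKSIZE);
    check_block_null("first", ptr, BLKSIZE);

    // overwrite block
    for (size_t i = 0; i < BLKSIZE; ++i)
        ptr[i] = i;
    free(ptr);

    // same size again, so the block just freed is handed back
    ptr = malloc(BLKSIZE);
    check_block_null("reallocated", ptr, BLKSIZE);
}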

This prints the following then crashes (openSUSE Tumbleweed):
Byte 0 in reallocated block 0x4592a0 is not null (0x59)
Byte 1 in reallocated block 0x4592a0 is not null (0x4)
Byte 16 in reallocated block 0x4592a0 is not null (0x10)
Byte 17 in reallocated block 0x4592a0 is not null (0x11)
Byte 18 in reallocated block 0x4592a0 is not null (0x12)
Byte 19 in reallocated block 0x4592a0 is not null (0x13)
Byte 20 in reallocated block 0x4592a0 is not null (0x14)
Byte 21 in reallocated block 0x4592a0 is not null (0x15)
Byte 22 in reallocated block 0x4592a0 is not null (0x16)
Byte 23 in reallocated block 0x4592a0 is not null (0x17)
Byte 24 in reallocated block 0x4592a0 is not null (0x18)
Byte 25 in reallocated block 0x4592a0 is not null (0x19)
Byte 26 in reallocated block 0x4592a0 is not null (0x1a)
Byte 27 in reallocated block 0x4592a0 is not null (0x1b)
Byte 28 in reallocated block 0x4592a0 is not null (0x1c)
Byte 29 in reallocated block 0x4592a0 is not null (0x1d)
Byte 30 in reallocated block 0x4592a0 is not null (0x1e)
Byte 31 in reallocated block 0x4592a0 is not null (0x1f)
Byte 32 in reallocated block 0x4592a0 is not null (0x20)
Byte 33 in reallocated block 0x4592a0 is not null (0x21)
Byte 34 in reallocated block 0x4592a0 is not null (0x22)
Byte 35 in reallocated block 0x4592a0 is not null (0x23)
Byte 36 in reallocated block 0x4592a0 is not null (0x24)
Byte 37 in reallocated block 0x4592a0 is not null (0x25)
Byte 38 in reallocated block 0x4592a0 is not null (0x26)
Byte 39 in reallocated block 0x4592a0 is not null (0x27)
Byte 40 in reallocated block 0x4592a0 is not null (0x28)
Byte 41 in reallocated block 0x4592a0 is not null (0x29)
Byte 42 in reallocated block 0x4592a0 is not null (0x2a)
Byte 43 in reallocated block 0x4592a0 is not null (0x2b)
Byte 44 in reallocated block 0x4592a0 is not null (0x2c)
Byte 45 in reallocated block 0x4592a0 is not null (0x2d)
Byte 46 in reallocated block 0x4592a0 is not null (0x2e)
Byte 47 in reallocated block 0x4592a0 is not null (0x2f)
Byte 48 in reallocated block 0x4592a0 is not null (0x30)
Byte 49 in reallocated block 0x4592a0 is not null (0x31)
Byte 50 in reallocated block 0x4592a0 is not null (0x32)
Byte 51 in reallocated block 0x4592a0 is not null (0x33)
Byte 52 in reallocated block 0x4592a0 is not null (0x34)
Byte 53 in reallocated block 0x4592a0 is not null (0x35)
Byte 54 in reallocated block 0x4592a0 is not null (0x36)
Byte 55 in reallocated block 0x4592a0 is not null (0x37)
Byte 56 in reallocated block 0x4592a0 is not null (0x38)
Byte 57 in reallocated block 0x4592a0 is not null (0x39)
Byte 58 in reallocated block 0x4592a0 is not null (0x3a)
Byte 59 in reallocated block 0x4592a0 is not null (0x3b)
Byte 60 in reallocated block 0x4592a0 is not null (0x3c)
Byte 61 in reallocated block 0x4592a0 is not null (0x3d)
Byte 62 in reallocated block 0x4592a0 is not null (0x3e)
Byte 63 in reallocated block 0x4592a0 is not null (0x3f)
